add more unit test

Signed-off-by: FedeNQ <fedenahuel07@gmail.com>
spiffe · Feb 7, 2024 · b58a0d0 · b58a0d0
1 parent 745716d
commit b58a0d0
Show file tree

Hide file tree

Showing 3 changed files with 259 additions and 5 deletions.
diff --git a/cmd/spire-server/cli/entry/count.go b/cmd/spire-server/cli/entry/count.go
@@ -141,7 +141,7 @@ func (c *countCommand) AppendFlags(fs *flag.FlagSet) {
  fs.Var(&c.federatesWith, "federatesWith", "SPIFFE ID of a trust domain an entry is federate with. Can be used more than once")
  fs.StringVar(&c.matchFederatesWithOn, "matchFederatesWithOn", "superset", "The match mode used when filtering by federates with. Options: exact, any, superset and subset")
  fs.StringVar(&c.matchSelectorsOn, "matchSelectorsOn", "superset", "The match mode used when filtering by selectors. Options: exact, any, superset and subset")
- fs.StringVar(&c.hint, "hint", "", "The Hint of the records to  count (optional)")
+ fs.StringVar(&c.hint, "hint", "", "The Hint of the records to count (optional)")
 
  cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintCount)
 }

diff --git a/cmd/spire-server/cli/entry/count_test.go b/cmd/spire-server/cli/entry/count_test.go
@@ -5,9 +5,11 @@ import (
  "testing"
 
  entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1"
+ "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
  "github.com/stretchr/testify/require"
  "google.golang.org/grpc/codes"
  "google.golang.org/grpc/status"
+ "google.golang.org/protobuf/types/known/wrapperspb"
 )
 
 func TestCountHelp(t *testing.T) {
@@ -31,12 +33,262 @@ func TestCount(t *testing.T) {
  for _, tt := range []struct {
  name string
  args []string
+ expCountReq *entryv1.CountEntriesRequest
  fakeCountResp *entryv1.CountEntriesResponse
  serverErr error
  expOutPretty string
  expOutJSON string
  expErr string
  }{
+ {
+ name: "Count all entries (empty filter)",
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp4,
+ expOutPretty: "4 registration entries",
+ expOutJSON: `{"count":4}`,
+ },
+ {
+ name: "Count by parentID",
+ args: []string{"-parentID", "spiffe://example.org/father"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/father"},
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp2,
+ expOutPretty: "2 registration entries",
+ expOutJSON: `{"count":2}`,
+ },
+ {
+ name: "Count by parent ID using invalid ID",
+ args: []string{"-parentID", "invalid-id"},
+ expErr: "Error: error parsing parent ID \"invalid-id\": scheme is missing or invalid\n",
+ },
+ {
+ name: "Count by SPIFFE ID",
+ args: []string{"-spiffeID", "spiffe://example.org/daughter"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"},
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp2,
+ expOutPretty: "2 registration entries",
+ expOutJSON: `{"count":2}`,
+ },
+ {
+ name: "Count by SPIFFE ID using invalid ID",
+ args: []string{"-spiffeID", "invalid-id"},
+ expErr: "Error: error parsing SPIFFE ID \"invalid-id\": scheme is missing or invalid\n",
+ },
+ {
+ name: "Count by selectors: default matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySelectors: &types.SelectorMatch{
+ Selectors: []*types.Selector{
+ {Type: "foo", Value: "bar"},
+ {Type: "bar", Value: "baz"},
+ },
+ Match: types.SelectorMatch_MATCH_SUPERSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by selectors: exact matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "exact"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySelectors: &types.SelectorMatch{
+ Selectors: []*types.Selector{
+ {Type: "foo", Value: "bar"},
+ {Type: "bar", Value: "baz"},
+ },
+ Match: types.SelectorMatch_MATCH_EXACT,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by selectors: superset matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "superset"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySelectors: &types.SelectorMatch{
+ Selectors: []*types.Selector{
+ {Type: "foo", Value: "bar"},
+ {Type: "bar", Value: "baz"},
+ },
+ Match: types.SelectorMatch_MATCH_SUPERSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by selectors: subset matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "subset"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySelectors: &types.SelectorMatch{
+ Selectors: []*types.Selector{
+ {Type: "foo", Value: "bar"},
+ {Type: "bar", Value: "baz"},
+ },
+ Match: types.SelectorMatch_MATCH_SUBSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by selectors: Any matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "any"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySelectors: &types.SelectorMatch{
+ Selectors: []*types.Selector{
+ {Type: "foo", Value: "bar"},
+ {Type: "bar", Value: "baz"},
+ },
+ Match: types.SelectorMatch_MATCH_ANY,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by selectors: Invalid matcher",
+ args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "NO-MATCHER"},
+ expErr: "Error: match behavior \"NO-MATCHER\" unknown\n",
+ },
+ {
+ name: "Count by selector using invalid selector",
+ args: []string{"-selector", "invalid-selector"},
+ expErr: "Error: error parsing selectors: selector \"invalid-selector\" must be formatted as type:value\n",
+ },
+ {
+ name: "Server error",
+ args: []string{"-spiffeID", "spiffe://example.org/daughter"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"},
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ serverErr: status.Error(codes.Internal, "internal server error"),
+ expErr: "Error: rpc error: code = Internal desc = internal server error\n",
+ },
+ {
+ name: "Count by Federates With: default matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByFederatesWith: &types.FederatesWithMatch{
+ TrustDomains: []string{"spiffe://domain.test"},
+ Match: types.FederatesWithMatch_MATCH_SUPERSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by Federates With: exact matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "exact"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByFederatesWith: &types.FederatesWithMatch{
+ TrustDomains: []string{"spiffe://domain.test"},
+ Match: types.FederatesWithMatch_MATCH_EXACT,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by Federates With: Any matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "any"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByFederatesWith: &types.FederatesWithMatch{
+ TrustDomains: []string{"spiffe://domain.test"},
+ Match: types.FederatesWithMatch_MATCH_ANY,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by Federates With: superset matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "superset"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByFederatesWith: &types.FederatesWithMatch{
+ TrustDomains: []string{"spiffe://domain.test"},
+ Match: types.FederatesWithMatch_MATCH_SUPERSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by Federates With: subset matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "subset"},
+ expCountReq: &entryv1.CountEntriesRequest{
+ Filter: &entryv1.CountEntriesRequest_Filter{
+ ByFederatesWith: &types.FederatesWithMatch{
+ TrustDomains: []string{"spiffe://domain.test"},
+ Match: types.FederatesWithMatch_MATCH_SUBSET,
+ },
+ ByDownstream: wrapperspb.Bool(false),
+ },
+ },
+ fakeCountResp: fakeResp1,
+ expOutPretty: "1 registration entry",
+ expOutJSON: `{"count":1}`,
+ },
+ {
+ name: "Count by Federates With: Invalid matcher",
+ args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "NO-MATCHER"},
+ expErr: "Error: match behavior \"NO-MATCHER\" unknown\n",
+ },
  {
  name: "4 entries",
  fakeCountResp: fakeResp4,
@@ -73,13 +325,16 @@ func TestCount(t *testing.T) {
  test.server.err = tt.serverErr
  test.server.countEntriesResp = tt.fakeCountResp
 
- rc := test.client.Run(test.args(tt.args...))
+ args := tt.args
+ args = append(args, "-output", format)
+
+ rc := test.client.Run(test.args(args...))
  if tt.expErr != "" {
  require.Equal(t, 1, rc)
  require.Equal(t, tt.expErr, test.stderr.String())
  return
  }
- requireOutputBasedOnFormat(t, test.stdout.String(), format, tt.expOutPretty, tt.expOutJSON)
+ requireOutputBasedOnFormat(t, format, test.stdout.String(), tt.expOutPretty, tt.expOutJSON)
  require.Equal(t, 0, rc)
  })
  }

diff --git a/doc/spire_server.md b/doc/spire_server.md
@@ -361,7 +361,6 @@ Displays the total number of registration entries.
 | `-socketPath` | Path to the SPIRE Server API socket | /tmp/spire-server/private/api.sock |
 | `-spiffeID` | The SPIFFE ID of the records to count. | |
 
-
 ### `spire-server entry delete`
 
 Deletes a specified registration entry.
@@ -518,7 +517,7 @@ Displays the total number of attested nodes.
 | `-canReattest` | Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all | |
 | `-banned` | Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all | |
 | `-expiresBefore` | A date that indicates the time it should expired before. (format: YYYY-MM-DD) | |
-| `-spiffeID` | The SPIFFE ID of the records to count.  
+| `-spiffeID` | The SPIFFE ID of the records to count. | |
 
 ### `spire-server agent evict`